CVE-2020-1103

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’.

Source: CVE-2020-1103

CVE-2020-1093

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060.

Source: CVE-2020-1093

CVE-2020-1096

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka ‘Microsoft Edge PDF Remote Code Execution Vulnerability’.

Source: CVE-2020-1096

CVE-2020-1107

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105.

Source: CVE-2020-1107

CVE-2020-1108

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka ‘.NET Core & .NET Framework Denial of Service Vulnerability’.

Source: CVE-2020-1108

CVE-2020-1077

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka ‘Windows Runtime Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164.

Source: CVE-2020-1077

CVE-2020-1076

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka ‘Windows Denial of Service Vulnerability’.

Source: CVE-2020-1076

CVE-2020-1075

An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka ‘Windows Subsystem for Linux Information Disclosure Vulnerability’.

Source: CVE-2020-1075

CVE-2020-1071

An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka ‘Windows Remote Access Common Dialog Elevation of Privilege Vulnerability’.

Source: CVE-2020-1071

CVE-2020-1072

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’.

Source: CVE-2020-1072